Bug#1110260: marked as done (rust-transpose: CVE-2023-53156)

Wed, 13 Aug 2025 10:20:02 -0700 

Your message dated Wed, 13 Aug 2025 17:10:19 +0000
with message-id <[email protected]>
and subject line Bug#1110260: fixed in rust-transpose 0.2.3-1
has caused the Debian Bug report #1110260,
regarding rust-transpose: CVE-2023-53156
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1110260: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110260
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Source: rust-transpose
Version: 0.2.2-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/ejmahler/transpose/issues/11
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for rust-transpose.

CVE-2023-53156[0]:
| The transpose crate before 0.2.3 for Rust allows an integer overflow
| via input_width and input_height arguments.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2023-53156
    https://www.cve.org/CVERecord?id=CVE-2023-53156
[1] https://rustsec.org/advisories/RUSTSEC-2023-0080.html
[2] https://github.com/ejmahler/transpose/issues/11
[3] 
https://github.com/ejmahler/transpose/commit/c4bcd39fabca9a31a401d0cc42d4090869b5a37a

Regards,
Salvatore

--- End Message ---
--- Begin Message --- 
Source: rust-transpose
Source-Version: 0.2.3-1
Done: Fab Stz <[email protected]>

We believe that the bug you reported is fixed in the latest version of
rust-transpose, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Fab Stz <[email protected]> (supplier of updated rust-transpose package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Aug 2025 16:06:51 +0000
Source: rust-transpose
Architecture: source
Version: 0.2.3-1
Distribution: unstable
Urgency: medium
Maintainer: Debian Rust Maintainers 
<[email protected]>
Changed-By: Fab Stz <[email protected]>
Closes: 1110260
Changes:
 rust-transpose (0.2.3-1) unstable; urgency=medium
 .
   * Package transpose 0.2.3 from crates.io using debcargo 2.7.8
     (Closes: #1110260)
Checksums-Sha1:
 5262bc51b24fe8475af9fda5029678dc260f78aa 2341 rust-transpose_0.2.3-1.dsc
 abc85d08c5a573620b81b590670b9ee9750c3ae8 10913 rust-transpose_0.2.3.orig.tar.gz
 630ed6d0770d0d36e432a08ff229b24049a10167 3056 
rust-transpose_0.2.3-1.debian.tar.xz
 ca51b13e67ddf7a3413f7a1b2db5265f224bc497 7785 
rust-transpose_0.2.3-1_source.buildinfo
Checksums-Sha256:
 a07d4864a3f6a3829f78cdb528858c5669039a416dcd5ec942ab075447fa5eca 2341 
rust-transpose_0.2.3-1.dsc
 1ad61aed86bc3faea4300c7aee358b4c6d0c8d6ccc36524c96e4c92ccf26e77e 10913 
rust-transpose_0.2.3.orig.tar.gz
 09c31b0898636ad530dac3cf15be6e97ed095cfdd14b722d7f1da4d094245c94 3056 
rust-transpose_0.2.3-1.debian.tar.xz
 a8a4bfebaf2cf3c9660cf9fe90517e1358ac1b7ef6401c90256c7120013476e6 7785 
rust-transpose_0.2.3-1_source.buildinfo
Files:
 8bc12cb7479b9b7b669efaeebd37ed4b 2341 rust optional rust-transpose_0.2.3-1.dsc
 7a09da27776f41e64bc590c0c6aa0549 10913 rust optional 
rust-transpose_0.2.3.orig.tar.gz
 d7b4d0686977f3c19798274efab78a11 3056 rust optional 
rust-transpose_0.2.3-1.debian.tar.xz
 2bb92aa36798c967f8db5996b4860119 7785 rust optional 
rust-transpose_0.2.3-1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgBW52p/iQkghvSWBknUCmH1XxUsFAmicuPAACgkQknUCmH1X
xUsKGA/+KI0D1MZ/dXdDTLeFBF6gi9y5Lb3A/9L+G0nXytn4PoyxG2Dbbhsg5nop
r9ADo3MpDXQ/U3jRGxGjRKkffWr7mTa4bSPoa+b7TPOPGsrBSxXCVVoZK9DsWZ+0
gsfAwgefoAkQLeVQsdIJVEH4iaxn+uPokvhje86CxQKfv8kYXU87GeMZ7auN4Ydx
oUvlOsrUnotUACb+tlPTAi0/e5iBTLPWjcHMAw30oJGUGYAhh8f1RrG5gzUyPMPM
xcQuT57zOeZtBTZrk8btedd2S6rDbnKOPyo5Admc0sWdlNIRYIo/bUeCONIbz2wf
HJ3cji/sR2yPj79IQ6sF+nEfTdOulD7bio7QVIENJ1HQkudBOQtNfBcafTjUxlFg
Q7RbhoJiRpXPPOJOtNx19gC21+7zG4fRor+Ums/V0+Xrhy3KfskRWM8cBzk1ee5d
EHd2IA/PKrd7Dye+zMuhiKKrJxYqsHT2KIqqimgkDsRm2VBLI67ckVragAjH+9Lm
7E+pMnAr1vnvyDbGmiu812i2zGrjq9j8bE4RaK4k+uMjxAzuVE3D7ikGuXlUCCBg
9qRnfYV/26n/hFXGUN3+XzYfSK2CyWOIaVB1NfRqEDcjpBYwvbmadHKEtdnjhxDn
gG+T+5l9TIK1q+NX2NRkgM3uijdGZyRAP4Pp0Jwxfvn5tRZTnEo=
=Pwbf
-----END PGP SIGNATURE-----

Attachment: pgpWeFfj32jHf.pgp
Description: PGP signature


--- End Message ---

Reply via email to